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Claim Rejections - 35 USC §101 



1 



35 USC. 101 reads as follows: 



Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 



computer system that contains security policies, and access code. The Examiner asserts that 
because the applicant does not provide a definition of a token, the Examiner looks to the 
dictionary for the definition. According to Microsoft Computer Dictionary, a token is defined as 
a unique data structure(see pg. 389). Therefore, because claim 40 is directed to a data structure 
that contains software, which is merely security policies and access code stored on the token 
than, the Examiner asserts that the access token alone does not constitute statutory subject 
matter. Therefore, the claim is rejected. See MPEP 2107-2107.02 



3. The following is a quotation of 35 U.S. C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

4. Claim 1 is rejected under 35 U.S.C. 103(a) as being unpatentable over Angelo and 
(Authoritative Dictionary of IEEE Standards) and further in view of Lambert. 

5. As per claim 1, Angelo discloses a computer system(see fig. 1, sheet 1, and col. 4, lines 
39-40), a processor(102)(see fig. 1, sheet 1, and col. 4, lines 49-50), an access token 
communicator^. e. probe) for reading a token(i.e. smartcard)(see col. 6, lines 13-15, 33-36), an 



2 



The invention as recited in claim 40 is directed to an access token for use with a 



Claim Rejections - 35 USC §103 
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input device(158) of being capable of being coupled to the processor(see fig. 1, sheet 1), the 
input device being adapted to receive verification data, because Angelo discloses that the user is 
required to enter a password, and the password that is entered is verified (see col. 3, lines 40-48). 
Thus, if the two passwords match(i.e. verification data), than this confirms that the user is 
authorized to use the access token(see col. 3, lines 46-48). 

6. According to the Authoritative Dictionary of IEEE Standards, security level is defined as 
a hierarchical level whose purpose is to indicate degree of sensitivity to a designated security 
threat. It indicates a specific level of protection as specified by the security policy being 
enforced(see pg. 1015). Thus, since Angelo discloses security levels than Angelo discloses a 
security policy. Angelo discloses security policies(Le. security levels) that can require different 
levels of access by having different passwords(see col. 13, lines 19-22), thus access to the 
resources will be based on what password the user has been granted. Furthermore, Angelo 
discloses a software system executable on the processor, and including a system security process 
controlling operational access to the processor, because Angelo discloses that an access token 
communicator for reading data on the token and comparing the data that is inputted with data 
stored on the token. Thus, the comparison of the data, contains software inherent in order to 
verify the user to a particular resource. Also, Angelo discloses an access token and verification 
data(see col. 3, lines 33-38), setting security policies(i.e. levels), and controlling access to 
resources based on the security policies(i.e. levels)(see col. 13, lines 18-22). 

7. The Examiner takes Official Notice that it is well-known in the art to have a software 
system that contains executable program code, the motivation is that the executable program 
code is a complied program translated into machine code in a format that can be loaded into 
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memory and run by a computer's processor. Thus, the motivation of having executable program 
code is that it allows the software to run. 

8. Angelo does not expressly disclose a receiving a set of security policies from the access 
token in the processor in response to verification data. Angelo discloses a security policy(i.e. 
security levels). Angelo discloses security policies(i.e. security levels) that can require different 
levels of access by having different passwords(see col. 13, lines 19-22). However, Lambert 
expressly discloses in response to verification data, a set of security policies(i.e. levels) are 
received(see col. 2, lines 29-36, and col. 2, lines 4-16). Further, Lambert controls access to 
resources based on security policies(i.e. levels)(see col. 2, lines 43-44). 

9. Both (Angelo and IEEE Standards) with Lambert disclose access control with smartcard. 
It would have been obvious to include the feature of Lambert that discloses in response to 
verification data, a set of security policies are received, with Angelo and IEEE standards. The 
motivation is that Lambert recognizes a problem when seeking to control access to application 
program modules where a number of different users are required to be allowed access different 
security modules(see col. 1, lines 48-51 of Lambert). Lambert also discloses the conventional 
approach is that a table lookup process scans a static list to determine the access authority of the 
user, and the user is given access to certain applications according to their determined authority 
level(see col. 1, lines 55-61 of Lambert). Thus, such conventional system relying on lookup 
tables of user authorities are vulnerable to breaches of security even if the applications 
themselves are held in protected form(see col. 1, lines 62-65 of Lambert). An unauthorized 
person may seek to add themselves to the list or to change their authority level within the list(see 
col. 1, lines 65-67 of Lambert). Therefore, Lambert provides a more protective measure of 
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providing access to users by storing the access level on the card in the form of a key or 
dynamically generating the security policy once the user has typed in his/her PIN(see col. 2, lines 
29-36). 

10. Rejected under same basis as claim 1 and further, As per claim 2, Angelo discloses a non- 
volatile storage device operably coupled to the processor(see fig. 1, sheet 1), and a non- volatile 
storage device(see col. 5, lines 57-60) access password that selectively allows access to the 
nonvolatile storage device, wherein the nonvolatile storage device password is supplied in 
response to the access token reading device reading an access token and the input device 
receiving valid verification data(see col. 7, lines 54-58, col. 8, lines 19-25, 37-40). 

11. As per claim 3, Angelo discloses at least one of a set of policies(i.e. security levels) is 
stored within the nonvolatile storage device password(see col. 13, lines 12-14, 19-25, 34-43). 

12. As per claim 4, Angelo discloses wherein at least one of the set of policies (i.e. levels) is 
stored on the access token, because Angelo discloses that the user can have varying levels of 
access based on the password, thus when the user enters the password, this password is 
encrypted and compared to a encrypted value stored on the card (see col. 13, lines 19-24, 29-40). 

13. As per claim 5, Angelo discloses that one of the one or more policies (i.e. levels 
corresponds to the verification data, because Angelo discloses that when the user enters different 
passwords that are associated with different levels (i.e. policies) of access to the computer 
system, and if the user's password matches the password stored on the token (i.e. verification 
data), than the user is allowed access to certain resources based on the password that the user 
receives (see col. 13, lines 19-23, 30-43). 
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14. As per claim 9, Angelo discloses a password corresponding to the nonvolatile storage 
device access password (i.e. peripheral password) is stored on the access token (see col 3, lines 



15. As per claims 10-11, Angelo discloses that the access token (i.e. smartcard) includes one 
or more bytes of data in a non-keyboard enterable format (i.e. biometrics)(see col. 7, lines 47- 



16. As per claim 12, Angelo discloses wherein the verification data (i.e. password entered by 
way of biometrics) includes biometric data supplied by a user (see col. 7, lines 47-53). 

17. As per claim 13, Angelo discloses that the input device includes a keyboard for entering 
in the password, and the verification data includes a password (i.e. PIN) stored on the card (see 
col. 3, lines 40-48). 

18. As per claim 14 rejected under the same basis as claims 1-2, except, Angelo discloses one 
or more policies (i.e. levels) associated with the operating system, and wherein the operating 
system includes security code selectively enabled by the one or more policies to limit access to 
the computer system responsively to an access token read by the access token communication 
device (see col. 7, lines 15-25, 43-50, and col. 13, lines 18-25), and the access token 
communication device (i.e. computer) is the computer in Angelo because Angelo discloses that 
the computer is able to detect the presence of the token that is coupled to the computer(see col. 3, 
lines 33-39), the input device operable to transmit a security code(i.e. password) from a user to 
one or more processors(see col. 3, lines 52-54), the operating system inherent, permitting access 
to the nonvolatile storage device and the one or more processors if the security code and the set 



41-44). 



53). 
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of security policies(i.e. levels) match an authorization data stored in nonvolatile memory(see col. 
9, lines 12-29, 54-56, col. 13, lines 8-27). 

19. As per claim 16, Angelo discloses wherein the operating system includes a BIOS and 
wherein the BIOS is stored on nonvolatile memory that is electrically interconnected to the one 
or more processors (see col. 7, lines 15-22, fig. 1, sheet 1). 

20. As per claim 17, Angelo discloses the access token communication device includes a 
smart card communication device (see col. 6, lines 13-22, 33-36). 

21. As per claim 18, Angelo discloses the access token communication device includes 
network circuitry (i.e. adapted to receive signals) from one or more computers interconnected on 
a computer network (col. 5, lines 17-20, 51-53). 

22. As per claim 19, Angelo discloses the access token communication device includes a 
modem that receives signals from a communication line. 

23. As per claim 20, wherein the input device is a keyboard (159)(see fig. 1, sheet 1, col. 9, 
lines 49-50) 

24. As per claim 21, Although Angelo does not expressly disclose a biometric reading 
device, Angelo does disclose that the user can input information by using a biometric device (see 
col. 7, lines 50-53). The Examiner takes Official Notice that a biometric reading device is well- 
known, thus it would be obvious to have a biometric reader, because the motivation is that a 
biometric reader allows one to read the biometric data input by the user. 

25. As per claims 22-23, Although Angelo discloses a fingerprint scanner; a retinal scanning 
device(i.e. biometrics)(see col. 7, lines 50-53). 
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26. As per claim 24, Angelo discloses the nonvolatile storage device includes a hard disk 
drive(see col. 5, lines 56-59). 

27. As per claim 25, Angelo discloses a data access code stored in the nonvolatile memory, 
wherein a data request code corresponding to the data access code alters a state of the nonvolatile 
storage device, because Angelo discloses that if the data request code corresponds to the data 
access code(i.e. peripheral password stored in storage), than the state is altered by unlocking the 
storage device from locked to unlocked(see col. 9, lines 32-38, 43-48). 

28. As per claim 35, Angelo discloses that transferring one or more passwords from the 
access token to a computer system, because once the user enters the password, and the password 
is encrypted to produce a peripheral password, and this password is a system password that is 
combined with the password stored in memory (see col. 9, lines 33-35, 43-48). 

29. As per claim 36, Angelo discloses transferring is in response to an access code received 
by the access token, because Angelo discloses that the access code(i.e. password) is inputted by 
the user(see col. 3, lines 40-41), and then transferred to the computer system(see col. 3, lines 44- 
48). 

30. As per claims 37-38, Angelo discloses wherein one of the one or more passwords 
corresponds to a computer system password installed on the computer system(see col. 8, lines 
20-23), and wherein one of the one or more passwords corresponds to a nonvolatile storage 
device password installed on a nonvolatile storage device(see col. 9, lines 12-32). 

31. As per claim 40, Angelo discloses wherein the one or more security policies(i.e. levels) 
are stored in an encrypted format, because based on the password that the user has entered is 
encrypted and this encrypted key has policies that are associated that allow a user to access 
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certain resources or devices(see col 3, lines 37-48, and col. 13, lines 18-26). Further, Microsoft 
Computer Dictionary defines a data stream to be a byte-by-byte flow of data(see pg. 1 10). 
Therefore, a data stream(i.e. password) is bytes of data. 

32. As per claims 41-42, recited the same limitations as claim 14, and further means for 
reading an access token, means for receiving an authentication password(i.e. peripheral 
password), means for verifying the validity of the access token based on the authentication 
password, means for unlocking a nonvolatile storage device on the computer(see col. 9, lines 13- 
38, 43-54). As per the limitation of security policies has already been addressed see claim 1 
above. 

Allowable Subject Matter 

33. As per claims 6-8 are indicated as being allowed for the limitations of wherein one of the 
one or more polices includes a BIOS control information that is used to configure the computer 
system, wherein the BIOS control information further includes password change information, the 
password change information including one or more password change settings for a user using 
the one or more security policies. Prior art such as Angelo and Lambert fails to disclose these 
limitations although both disclose security policies neither Angelo nor Lamber discuss what type 
of policies that will give the user access to a particular type of service or resource. 

34. As per claims 26-34 are allowed for the limitations of storing a master password on the 
access token, storing a nonvolatile storage device password on the token and comparing the 
verification data to the master password and the nonvolatile storage device password for access 
to the computer system. Prior art such as Angelo and Lambert fails to disclose the comparing a 
master password those limitations. Angelo discloses upon a user inputting a password a 
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peripheral password is created and compared to the password in storage. As per the prior art of 
Lambert, when the user inputs a password, a key is generated and this key is compared to an 
access key that defines a security level of user in contrast to the claimed invention. 

Response To Amendment 

35. The 101 rejection on claim 40 remains rejected. The Applicant states that the invention is 
not a token, which is defined as a unique data object or message that circulates continuously 
among the nodes of a token ring and describes the current state of the network. The Examiner 
asserts that a token is just data. Thus, claim 40 is directed to non-statutory subject matter. 

36. Applicant's arguments filed July 15, 2002 have been fully considered but they are not 
persuasive. 

37. Applicant's arguments fail to comply with 37 CFR 1 . 1 1 1(b) because they amount to a 
general allegation that the claims 1-42 define a patentable invention without specifically pointing 
out how the language of the claims patentably distinguishes them from the references. 

Objected To 

38. As per claim 15 is objected to as being dependent on rejected base claim 14. 

Final, Necessitated By Amendment 

39. Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
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the end of the THEEE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1 .136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jenise E Jackson whose telephone number is (703) 306-0426. 
The examiner can normally be reached on M-Th (6:00 a.m. - 3:30 p.m.) alternate Friday's. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gail Hayes can be reached on (703) 305-971 1. The fax phone numbers for the 
organization where this application or proceeding is assigned are (703) 305-0040 for regular 
communications and (703) 308-6306 for After Final communications. 

Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is (703) 305-3900. 



Conclusion 





October 17, 2002 



GAIL HAYES 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 



